New York: The hackers have hacked the private messages of more than 120 million Facebook accounts and published such messages from 81,000 accounts for generating money.
Several users whose details have been compromised were based in Ukraine and Russia but some were also from the UK, US, Brazil and elsewhere.
The hackers offered to sell access for 10 cents per account. However, their advert has since been taken offline.
ALSO READ: Bharatiya Janata Party issues 1st list of MPs
The breach was first discovered in September and the messages were reportedly obtained through unnamed rogue browser extensions.
Facebook, however, said its systems were not breached as part of the hack.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Guy Rose, Vice President of Product Management at Facebook said.
“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.
“One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode (British rock band) concert and a third included complaints about a son-in-law,” the report said.
In the biggest-ever security breach after Cambridge Analytica scandal, Facebook in October admitted that hackers broke into nearly 50 million users’ accounts by stealing their access tokens or digital keys.
Rosen had said that Facebook fixed the vulnerability and reset the access tokens for a total of 90 million accounts, 50 million that had access tokens stolen and 40 million that were subject to a ‘View As’ lookup in 2017.
Ireland’s Data Protection Commission (DPC), which is Facebook’s lead privacy regulator in Europe, has opened a formal investigation into this data breach that could result in a fine of $1.63 billion.
According to Digital Trends, the latest hack involves the use of browser extensions.
“It is always best to check which source an extension is coming from, and which permissions it is being granted access to,” it said.